Documentation
Overview
Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute. This is meant to be used on login handlers or other sensitive transactions which should be throttled to prevent abuse.
Tracked clients are stored in a locked map, with a goroutine that runs at a configurable interval to clean up stale entries.
Note that there is no enforcement for GET requests. This is an effort to be opinionated in order to hit the most common use-cases. For more advanced use-cases, you may consider the `github.com/didip/tollbooth` package.
The enforcement mechanism is based on the blog post here: https://www.alexedwards.net/blog/how-to-rate-limit-http-requests
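The mechanism the overview describes, as an added Go sketch that is not Gophish's own code: a hand-rolled token bucket (standing in for whatever limiter the package uses) kept in a mutex-guarded map and applied to POST only. `postLimit`, `send`, the injected clock and the use of the connection's remote IP as the client key are assumptions; the cleanup goroutine is left out.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// postLimit is a hypothetical sketch of the design above, not Gophish's code.
func postLimit(perMin float64, now func() time.Time, next http.Handler) http.HandlerFunc {
	type bucket struct {
		tokens float64
		at     time.Time // when tokens was last computed
	}
	var mu sync.Mutex
	clients := map[string]bucket{} // the locked map of tracked clients
	allow := func(ip string) bool {
		mu.Lock()
		defer mu.Unlock()
		b := clients[ip] // zero value: computed long ago, so it refills to full
		b.tokens = math.Min(perMin, b.tokens+now().Sub(b.at).Minutes()*perMin)
		if b.tokens >= 1 {
			clients[ip] = bucket{b.tokens - 1, now()} // spend one token
		}
		return b.tokens >= 1 // a denied client's bucket keeps refilling
	}
	return func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr) // assumed client key
		if r.Method == http.MethodPost && !allow(ip) { // other methods pass
			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	}
}

func send(h http.Handler, method string) int { // status for one constructed request
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, "/login", nil))
	return rec.Code
}

func main() {
	h := postLimit(1, time.Now, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	fmt.Println(send(h, "POST"), send(h, "POST"), send(h, "GET"))
}
```

In this sketch every client that reaches the server through the same reverse proxy or NAT address shares one bucket, so the key a deployment uses decides who gets throttled together.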
Constants
const DefaultCleanupInterval = 1 * time.Minute
DefaultCleanupInterval determines how frequently the cleanup routine executes.
const DefaultExpiry = 10 * time.Minute
DefaultExpiry is the amount of time to track a bucket for a particular visitor.
const DefaultRequestsPerMinute = 5
DefaultRequestsPerMinute is the number of requests to allow per minute. Any requests over this limit will return an HTTP 429 error.
Variables
This section is empty.
Functions
This section is empty.
Types
type PostLimiter
PostLimiter is a simple rate limiting middleware which only allows n POST requests per minute.
func NewPostLimiter
func NewPostLimiter(opts ...PostLimiterOption) *PostLimiter
NewPostLimiter returns a new instance of a PostLimiter.
func (*PostLimiter) Cleanup
func (limiter *PostLimiter) Cleanup()
Cleanup removes any buckets that were last seen past the configured expiry.
func (*PostLimiter) Limit
func (limiter *PostLimiter) Limit(next http.Handler) http.HandlerFunc
Limit enforces the configured rate limit for POST requests.
TODO: Change the return value to an http.Handler when we clean up the way Gophish routing is done.
type PostLimiterOption
type PostLimiterOption func(*PostLimiter)
PostLimiterOption is a functional option that allows callers to configure the rate limiter.
func WithCleanupInterval
func WithCleanupInterval(interval time.Duration) PostLimiterOption
WithCleanupInterval sets the interval between cleaning up stale entries in the rate limit client list.
func WithExpiry
func WithExpiry(expiry time.Duration) PostLimiterOption
WithExpiry sets the amount of time to store client entries before they are considered stale.
func WithRequestsPerMinute
func WithRequestsPerMinute(requestLimit int) PostLimiterOption
WithRequestsPerMinute sets the number of requests to allow per minute.